FBI Take Down Notorious Hacker Marketplace

The FBI, in cooperation with international law enforcement agencies, have successfully seized Genesis Market, a notorious hacker marketplace, in an operation dubbed "Operation Cookie Monster".

The operation took place on April 4th, involving law enforcement agencies from the United States, United Kingdom, Australia, Canada, Germany, Poland, Sweden, and many countries throughout the EU. The operation resulted in the arrest of 119 individuals, 208 property searches, and 97 knock-and-talk measures.

In a statement from the Department of Justice (DOJ), Attorney General Merrick B. Garland stated: "Working across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world."

Genesis Market was an invitation-only online marketplace that sold stolen credentials, cookies, and digital browser fingerprints. These fingerprints, or "bots", include IP addresses, session cookies, plugins, and system information that allow attackers to impersonate a victim’s browser and access sensitive accounts — entirely without the need for a password or two-factor authentication.

The number of bots for sale on the marketplace was increasing, with over 20,000 added per month in 2021. As of March 2023, the number of bots available for sale had grown to over 450,000.

The now-defunct marketplace has also been linked to millions of financially motivated cyber incidents globally. Since its inception in 2018, the DOJ said Genesis Market offered access to data stolen from more than 1.5 million compromised devices worldwide, containing over 80 million account access credentials.

The FBI provided the data breach notification website HaveIBeenPwned.com with "millions" of email addresses and passwords that were available for sale on the Genesis Market, which internet users can check to see if they were compromised by the marketplace.

In its statement, the DOJ noted that: "Our seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces: the Justice Department and our international partners will shut down your illegal activities, find you, and bring you to justice."